|
246881
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is c…
|
CWE-22
Path Traversal
|
CVE-2018-12309
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246882
|
6.5 |
MEDIUM
Network
|
asustor
|
data_master
|
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
|
CWE-200
Information Exposure
|
CVE-2018-12308
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246883
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
|
CWE-78
OS Command
|
CVE-2018-12307
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246884
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
|
CWE-22
Path Traversal
|
CVE-2018-12306
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246885
|
6.1 |
MEDIUM
Network
|
asustor
|
data_master
|
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12305
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246886
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally …
|
CWE-426
Untrusted Search Path
|
CVE-2018-12245
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246887
|
6.8 |
MEDIUM
Physics
|
symantec
|
endpoint_protection_cloud
endpoint_protection
norton_antivirus
|
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; an…
|
NVD-CWE-noinfo
|
CVE-2018-12239
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246888
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection_cloud
endpoint_protection
norton_antivirus
|
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; an…
|
NVD-CWE-noinfo
|
CVE-2018-12238
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246889
|
4.3 |
MEDIUM
Network
|
nodejs
|
node.js
|
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL …
|
CWE-20
Improper Input Validation
|
CVE-2018-12123
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246890
|
7.5 |
HIGH
Network
|
nodejs
suse
|
node.js
suse_linux_enterprise_server
suse_enterprise_storage
suse_openstack_cloud
|
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTT…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-12122
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
